[cifs-protocol] [EXTERNAL] Re: [120012821001594] [MS-SFU]Errata from 2019/12/09 - if RBCD bit is set should KDC match in ServicesAllowedToReceiveForwardedTicketsFrom

Sreekanth Nadendla srenaden at microsoft.com
Thu Feb 20 16:03:35 UTC 2020


Hello Isaac, can you reply to this e-mail with the exact text from the previous version of MS-SFU that shows KDC verifying DelegatinNotAllowed in the PAC ?

-----Original Message-----
From: Isaac Boukris <iboukris at gmail.com> 
Sent: Thursday, February 20, 2020 12:41 AM
To: Sreekanth Nadendla <srenaden at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Greg Hudson <ghudson at mit.edu>; support <support at mail.support.microsoft.com>
Subject: Re: [EXTERNAL] Re: [120012821001594] [MS-SFU]Errata from 2019/12/09 - if RBCD bit is set should KDC match in ServicesAllowedToReceiveForwardedTicketsFrom

Hi Sreekanth

On Wed, Feb 19, 2020 at 10:51 PM Sreekanth Nadendla <srenaden at microsoft.com> wrote:
>
> Hello Isaac, there are no plans to change the product behavior.

That is rather an incomplete answer. If the product behavior is not about to change, then why change the spec incorrectly?

Please fix the errata changes from 2019/12/09 then, to not required the evidence ticket to be forwardable and that the KDC should verify DelegatinNotAllowed in the PAC as Windows does and as it was documented previously in the spec.


More information about the cifs-protocol mailing list